Website: https://www.ccitic.org Linkedin: https://www.linkedin.com/company/ccitic X: https://x.com/CCITIC_ORGhttps://bsky.app/profile/ccitic.bsky.socialhttps://bsky.app/profile/ccitic.bsky.social/post/3mkpiikiyys2s🔻 BREACH3D arrested. 15yo, indicted for the ANTS leak — 12-18M records. 10 days after HexDex. Same conclusion: A pseudonym offers no protection. A forum offers no protection. Being a minor doesn't erase the process — it shapes it. 🤝 OFAC, BL2C, J3. #CTI #CCITIC30 Apr 2026 11:17 +0000at://did:plc:qqqlcyp5jwascx2nj3wiawdb/app.bsky.feed.post/3mkpiikiyys2shttps://bsky.app/profile/ccitic.bsky.social/post/3mkas7jxcr22m🚨 CTI — "Imposter" ShinyHunters' private Telegram leaked by NormalLeVrai in retaliation for outing "breach3d". 341 files / 182.5 MB: full chat, connection metadata, BTC txs via Blockonomics (288f8ef...). w/ "CyberSatan" seizure = laundering fingerprint. #CTI #ShinyHunters #CCITIC24 Apr 2026 15:01 +0000at://did:plc:qqqlcyp5jwascx2nj3wiawdb/app.bsky.feed.post/3mkas7jxcr22mhttps://bsky.app/profile/ccitic.bsky.social/post/3mk3azjg4fs2ahttps://www.leparisien.fr/faits-divers/fuite-de-donnees-hexdex-un-hacker-soupconne-de-cyberattaques-massives-interpelle-et-place-en-garde-a-vue-22-04-2026-N6RLLOFNLFHV5HHSFKLX45CYGQ.php22 Apr 2026 10:10 +0000at://did:plc:qqqlcyp5jwascx2nj3wiawdb/app.bsky.feed.post/3mk3azjg4fs2ahttps://bsky.app/profile/ccitic.bsky.social/post/3mjzxjqhouc2f🔴 BL2C (Paris Police HQ) & Section J3 of the Paris Prosecutor's Office have seized the profile of hacker "HexDex". Targeted French public services, companies (Darty, Loxam…) & 10+ sports federations. French-speaking cybercrime is not a lawless space. #CTI #Cybersecurity21 Apr 2026 21:48 +0000at://did:plc:qqqlcyp5jwascx2nj3wiawdb/app.bsky.feed.post/3mjzxjqhouc2fhttps://bsky.app/profile/ccitic.bsky.social/post/3mjznom2t4s2a🔴 After HexDex, "Angel_Batista" has also been seized by BL2C (Paris Police HQ) & Section J3 of the Paris Prosecutor's Office. Two major French-speaking actors down in a single day. The message is clear. #CTI #BreachForums #Takedown21 Apr 2026 18:52 +0000at://did:plc:qqqlcyp5jwascx2nj3wiawdb/app.bsky.feed.post/3mjznom2t4s2ahttps://bsky.app/profile/ccitic.bsky.social/post/3mjrzrsiwls25CCITIC's team now brings together cybersecurity, military intelligence and law enforcement. A complementarity that enables us to act with rigor, within a strict legal framework, for sustained action against cybercrime.18 Apr 2026 18:07 +0000at://did:plc:qqqlcyp5jwascx2nj3wiawdb/app.bsky.feed.post/3mjrzrsiwls25https://bsky.app/profile/ccitic.bsky.social/post/3mjpounebkk26It's the weekend, and where's PwnForums? 👀 It looks like they're having a bit of a rough time at the moment pwnforums[.]st17 Apr 2026 19:46 +0000at://did:plc:qqqlcyp5jwascx2nj3wiawdb/app.bsky.feed.post/3mjpounebkk26https://bsky.app/profile/ccitic.bsky.social/post/3miwnvkyvzk2yThe big clean-up has begun. BreachForums was merely the tip of the iceberg. From now on, we go silent. But some threat actors will soon be held accountable. 🔇 No noise. Results. ⏳ The countdown has started. — CCITIC07 Apr 2026 20:52 +0000at://did:plc:qqqlcyp5jwascx2nj3wiawdb/app.bsky.feed.post/3miwnvkyvzk2yhttps://bsky.app/profile/ccitic.bsky.social/post/3mijsupyubs2d🔐 First #FIC2026 for CCITIC and it was exceptional! 🔥 Enriching connections, massive projects with our partners to hit cybercrime hard. 💪 Huge thanks to our earliest supporters for the invitation. This is only the beginning. ⚡ #CyberSecurity #OSINT #InfoSec #CyberCrime02 Apr 2026 18:17 +0000at://did:plc:qqqlcyp5jwascx2nj3wiawdb/app.bsky.feed.post/3mijsupyubs2dhttps://bsky.app/profile/ccitic.bsky.social/post/3mhyqgay5gc2wThe truth of BF26 Mar 2026 23:18 +0000at://did:plc:qqqlcyp5jwascx2nj3wiawdb/app.bsky.feed.post/3mhyqgay5gc2whttps://bsky.app/profile/ccitic.bsky.social/post/3mhw4onr25k22Yes, we submitted an abuse report. No, the hosting provider did not shut down the breachforums[.]ac server. It was simply the server that had been shut down. We received the confirmation we needed.25 Mar 2026 22:19 +0000at://did:plc:qqqlcyp5jwascx2nj3wiawdb/app.bsky.feed.post/3mhw4onr25k22https://bsky.app/profile/ccitic.bsky.social/post/3mhkslr4o3c2v#CCITIC21 Mar 2026 10:19 +0000at://did:plc:qqqlcyp5jwascx2nj3wiawdb/app.bsky.feed.post/3mhkslr4o3c2vhttps://bsky.app/profile/ccitic.bsky.social/post/3mhicy6dtss2h🔥 When panic switches sides… In 1 month, CCITIC has: ➡️ Taken down BreachForums backend ➡️ Taken down DarkForums ➡️ 3 LAPSUS$ takedowns in 9 days ➡️ Reported their X account Abuse reports verified by independent parties. 🧵👇20 Mar 2026 10:34 +0000at://did:plc:qqqlcyp5jwascx2nj3wiawdb/app.bsky.feed.post/3mhicy6dtss2hhttps://bsky.app/profile/ccitic.bsky.social/post/3mhgqyzg2r223💀 DarkForums: down. After 3 LAPSUS$ takedowns in 9 days & BreachForums' 3 backend servers this weekend… 🔴 Tonight, CCITIC takes down darkforums[.]st Error 522 — host server is gone. 💀 LAPSUS$ ✅ 💀 BreachForums ✅ 💀 DarkForums ✅ 3 platforms. 1 month. Zero tolerance. Who's next? 👀19 Mar 2026 19:40 +0000at://did:plc:qqqlcyp5jwascx2nj3wiawdb/app.bsky.feed.post/3mhgqyzg2r223https://bsky.app/profile/ccitic.bsky.social/post/3mhavslf3b2241/5 🔍 BreachForums: not a hack, not maintenance — a takedown. Two narratives circulated: LAPSUS$ claimed a hack, BF admin said routine maintenance. The reality is far more straightforward. 🧵17 Mar 2026 11:50 +0000at://did:plc:qqqlcyp5jwascx2nj3wiawdb/app.bsky.feed.post/3mhavslf3b224https://bsky.app/profile/ccitic.bsky.social/post/3mggf6jglnc25On va pas se voiler la face. Nous avons identifié plusieurs des acteurs s'attaquant à la France et officiant sur BreachForums. S'attaquer à la santé ou à ceux en charge de notre sécurité ça ne passe simplement pas et ils finiront devant la justice. Coming Soon ! #CCITIC06 Mar 2026 22:43 +0000at://did:plc:qqqlcyp5jwascx2nj3wiawdb/app.bsky.feed.post/3mggf6jglnc25https://bsky.app/profile/ccitic.bsky.social/post/3mgcnujpn3224🔴 Third takedown. Nine days. Same group. Lapsus$ opened lapsus[.]bz & lapsus[.]by yesterday—both offline this morning. They are rebuilding. They are being shut down by the CTI community. Thank you to everyone who contributes to our support. 👉 www.ccitic.org (SUPPORT)05 Mar 2026 11:08 +0000at://did:plc:qqqlcyp5jwascx2nj3wiawdb/app.bsky.feed.post/3mgcnujpn3224https://bsky.app/profile/ccitic.bsky.social/post/3mgadivnylc2aLapsus$ has reopened a site (no, it hasn't been disclosed yet) but we already have the URL. Two domains #Lapsus$ #CCITIC04 Mar 2026 12:57 +0000at://did:plc:qqqlcyp5jwascx2nj3wiawdb/app.bsky.feed.post/3mgadivnylc2ahttps://bsky.app/profile/ccitic.bsky.social/post/3mfpnlmvugs2h🔴 lapsus.sh is offline. CCITIC reported the Lapsus$ malicious infrastructure to Interserver — server successfully taken down. Thanks Interserver for the quick response. 🤝 Detect. Report. Dismantle. #ThreatIntelligence #Lapsus #CyberSecurity #CCITIC #OSINT25 Feb 2026 21:42 +0000at://did:plc:qqqlcyp5jwascx2nj3wiawdb/app.bsky.feed.post/3mfpnlmvugs2hhttps://bsky.app/profile/ccitic.bsky.social/post/3mfnkz5dv2c25Official statement from CCITIC on the Lapsus$ case https://www.linkedin.com/posts/ccitic_lapsus-cybersecurity-threatintelligence-activity-7432224385958055936-z0qK?utm_source=social_share_send&utm_medium=member_desktop_web&rcm=ACoAAC0Jj5MBcozZ1Yt5RzGz_2j9pLSjAlktPVk25 Feb 2026 01:51 +0000at://did:plc:qqqlcyp5jwascx2nj3wiawdb/app.bsky.feed.post/3mfnkz5dv2c25https://bsky.app/profile/ccitic.bsky.social/post/3ma7gbpva2k2e#CCITIC #Hacker #Cybersecurity #Blackhat #Cybercrime #Infosec17 Dec 2025 19:43 +0000at://did:plc:qqqlcyp5jwascx2nj3wiawdb/app.bsky.feed.post/3ma7gbpva2k2ehttps://bsky.app/profile/ccitic.bsky.social/post/3ma7g2vobxc2eCCITIC ‪@ccitic.bsky.social‬ The news IP of darkforums(.)hn is 185(.)196(.)11(.)58 (proxy) hosted by globaldata again ! The ip redirect to darkforums(.)hn #CCITIC #Hacker #Cybersecurity #Blackhat #Cybercrime #Infosec17 Dec 2025 19:39 +0000at://did:plc:qqqlcyp5jwascx2nj3wiawdb/app.bsky.feed.post/3ma7g2vobxc2ehttps://bsky.app/profile/ccitic.bsky.social/post/3m3pz6l3aws2f#CCITIC exclusive => Information to be verified, but the #Everest ransomware group could potentially be behind or linked to the cyberattack on the Muse software developed by #CollinsAerospace, which paralysed several major airports last month! #Infosec #Cybersecurity #Cyberattack21 Oct 2025 18:58 +0000at://did:plc:qqqlcyp5jwascx2nj3wiawdb/app.bsky.feed.post/3m3pz6l3aws2fhttps://bsky.app/profile/ccitic.bsky.social/post/3m3pyyblslc2f#Cybersecurity #Cyberattack #Everest #Hacking #Ransomware #TOR #Offline #ServerOffline #Takedown #Leaks #CollinAerospace #Aviation #Airport #CyberNews #InfoSec #CCITIC #Hacked #Cybercrime #Infosec Sources: https://www.cyberdaily.au/security/12794-exclusive-russia-linked-hackers-claim-responsibility-for-collins-aerospace-hack21 Oct 2025 18:54 +0000at://did:plc:qqqlcyp5jwascx2nj3wiawdb/app.bsky.feed.post/3m3pyyblslc2fhttps://bsky.app/profile/ccitic.bsky.social/post/3m2ayffgksk2pUpdate to our report on Datacarry ransomware #CCITIC #Ransomware #Hacker #Cybersecurity #Threat #Datacarry #Blacksuit #Akira03 Oct 2025 02:09 +0000at://did:plc:qqqlcyp5jwascx2nj3wiawdb/app.bsky.feed.post/3m2ayffgksk2phttps://bsky.app/profile/ccitic.bsky.social/post/3ltuj5qatqs2f📢 Just out: our new #CTI report on the #Datacarry #Ransomware group ✏Summary 📆 11 orgs hit (Jun '24 – Jun '25) 🛠️ CVE-2023-48788 (Fortinet EMS) 🕸️ Chisel over WebSocket, solid infra & tooling 💻Full technical breakdown https://ccitic.org/assets/reports/CCITIC_Report_TLP-White_DATACARRY.pdf 📄by Kévin Wiart, Hyuna Lee and Rakesh Krishnan13 Jul 2025 18:33 +0000at://did:plc:qqqlcyp5jwascx2nj3wiawdb/app.bsky.feed.post/3ltuj5qatqs2f